Trustwave Blog

News:

Security on the Shelf: A New Report about Wasteful Spending

When our SpiderLabs forensic investigators recently probed a data breach at a restaurant, they noticed a security product sitting unused. The owner explained that it was a firewall appliance he purchased a while back, but never learned how to set up.

Unfortunately, the proprietor is not alone in this predicament. Too many businesses purchase security technologies only to realize they do not have the manpower, skills or time to ensure the solutions are properly installed, updated and working. As a result, the software turns into 'shelfware,' unused and collecting dust, further opening up the organization to risk of an attack.

To document the extent of this problem, Trustwave today published a new report called "Security on the Shelf." It details the findings of a survey, commissioned by the independent research firm Osterman Research, querying 172 IT pros who work at SMBs and enterprises about security controls they have purchased, including those they have never used.

Some of the highlights include:

More money being spent on security:Organizations spent significantly more on security-related software, hardware and services in 2014 than they did in 2013: $115 per user versus $80, representing an increase of 44 percent.

Security sits on the shelf:Twenty-eight percent of organizations are not getting the full value out of their security-related software investments. Of the $115 per user that organizations spent on security software in 2014, $33 of this investment was either underutilized or never used at all.

Not enough resources for security:The four most significant reasons for products turning into shelfware were all focused on insufficient IT staff resources: IT was too busy to implement the software properly, the department did not have enough time to do so, there simply were not enough people available to help, or IT did not understand the software well enough.

No matter the size of their business, in-house IT pros often are overwhelmed. The consequences of having inadequate resources are only compounded by having to cope with skilled attackers, sophisticated threats, massive data proliferation, continued worker mobility and the meteoric rise of internet-connected devices.

To both stay protected and ensure revenue-generating IT projects are getting completed, many businesses are finding relief by partnering with a third-party team of experts whose sole responsibility is to manage their security.